I figured, so using SecurityComponent will protect against this. I have to revisit that component; I was having some issues on forms when they came from a redirect (i.e., external auth).

Thanks

On Tuesday, March 6, 2012 5:01:38 PM UTC-5, PhpNut - Larry E. Masters wrote:
>
>> Hi all,
>>
>> I'm sure we've all heard about what happened with RoR and Github just
>> recently -
>>
>> https://github.com/rails/rails/issues/5228
>>
>> http://arstechnica.com/business/news/2012/03/hacker-commandeers-github-to-prove-vuln-in-ruby.ars
>>
>> So I can see how this could possibly be done in Cake as well (haven't
>> tried), but just adding a hidden field to the form with the values.
>>
>> So - what's the best way (in Cake) to protect against this? Is it
>> setting the allowed fields in the $this->Model->save() call? Is there a
>> better way?
>
> CakePHP has protected against this for years. Follow conventions, use the
> Security Component and Form Helper.
>
> $components = array('Security');
>
> --
> Larry E. Masters
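
The two defenses raised in this thread (an allowed-field list on save, and refusing a form whose field set was altered), as an added example that is not part of the original posts and is not CakePHP's code. It is plain PHP over a constructed row and submission; `FORM_SECRET`, `fieldToken`, `fieldsUntampered`, `allowOnly` and `naiveSave` are hypothetical names, and the HMAC check is only a simplified stand-in for form-tampering protection.

```php
<?php
// Added example: plain PHP, no CakePHP required. All names and data are constructed.

const FORM_SECRET = 'constructed-demo-secret'; // assumption: a per-application secret

// Fields the "edit profile" form actually renders.
$formFields = ['name', 'email'];

// Token emitted with the form: HMAC over the sorted list of rendered field names.
function fieldToken(array $fields): string {
    sort($fields);
    return hash_hmac('sha256', implode('|', $fields), FORM_SECRET);
}

// True only when the submitted field set matches what the form rendered.
function fieldsUntampered(array $post, string $token): bool {
    return hash_equals($token, fieldToken(array_keys($post)));
}

// Allow-list filter: only the named columns reach the model layer.
function allowOnly(array $post, array $fieldList): array {
    return array_intersect_key($post, array_flip($fieldList));
}

// Stand-in for a model save that blindly merges request data into the row.
function naiveSave(array $row, array $post): array {
    return array_merge($row, $post);
}

$row   = ['id' => 7, 'name' => 'old', 'email' => 'old@example.test', 'is_admin' => 0];
$token = fieldToken($formFields);

// Constructed submission carrying an extra field the form never rendered.
$post = ['name' => 'new', 'email' => 'new@example.test', 'is_admin' => 1];

// 1. Unfiltered merge: the extra column is written to the row.
var_dump(naiveSave($row, $post)['is_admin']);

// 2. Allow-list applied first: the extra column is dropped before the save.
var_dump(naiveSave($row, allowOnly($post, $formFields))['is_admin']);

// 3. Field-set check: the altered request is refused, the expected one passes.
var_dump(fieldsUntampered($post, $token));
var_dump(fieldsUntampered(allowOnly($post, $formFields), $token));
```

The allow-list silently discards the unexpected column, while the field-set check rejects the whole request, which is the more useful signal to log and alert on.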
